Chicago's Midwest Orthopaedics at Rush (MOR) recently announced that 1,256 patients' personal information may have been exposed when the personal e-mail account of MOR physician Dr. Anthony Romeo was hacked on or around February 10, 2014 (h/t Becker's Hospital CIO).

The Chicago Tribune reports that the account in question was a Gmail account.

The account contained e-mails regarding surgical scheduling for 1,256 patients. The e-mails included one or more of the following: names, birthdates, surgical descriptions or codes, surgical dates and special surgical instructions.


No fianancial information or Social Security numbers were exposed.

MOR spokesperson Ann Pitcher told the Tribune that law enforcement had not been contacted regarding the incident, but that the federal Department of Health and Human Services had been notified.

"We take this situation very seriously and apologize that this incident occured," MOR CEO Dennis Viellieu said in a statement [PDF]. "Maintaining the integrity of confidential patient information is of utmost importance to us."

In response to the breach, MOR says it's working with industry experts to investigate the incident, notifying all affected patients, eliminating the use of outside physician e-mail accounts within MOR's domain, reviewing and updating privacy policies and preventative measures, and conducting annual training for employees regarding properly securing and transmitting personal health information (PHI).

Patients with questions are advised to contact (877) 852-3394.

Photo courtesy of Shutterstock.